Did China Help North Korea Hack Sony?

Excerpt:

Yet we do not need to speculate on the origin of the Sony attacks to find China complicit in the crime. After all, the attacks were routed through Chinese IP addresses. It is true that, in an apparent attempt to mask their origin, the attacks were also passed through, among other places, a Singapore convention center, Thailand’s Thammasat University, and a computer in Bolivia. No one is accusing the governments of Singapore, Thailand, or Bolivia of being behind the assaults.

The use of Chinese servers indicts Beijing, however. China maintains the “Great Firewall,” what many consider the world’s most comprehensive and sophisticated set of Internet controls. Chinese authorities can detect a single-line message sent from a computer or phone anywhere inside the People’s Republic. Therefore, these authorities knew or should have known about both the North Korean attacks passing out through the Firewall and the inbound data stolen from Sony, more than 100 terabytes worth.

WORLD AFFAIRS 12/21/2014 @ 3:30PM 1,402 views

Did China Help North Korea Hack Sony?

Gordon G. Chang

Contributor

I write primarily on China, Asia, and nuclear proliferation.

Opinions expressed by Forbes Contributors are their own.

Comment Now

http://www.forbes.com/sites/ gordonchang/2014/12/21/did- china-help-north-korea-hack- sony/print/

A “senior administration official” told CNN yesterday that Washington had asked Beijing for assistance in connection with the hacking of Sony Pictures Entertainment, a unit of Sony Corporation. “We have discussed this issue with the Chinese to share information, express our concerns about this attack, and to ask for their cooperation,” the official told the network.

To enlist the Chinese to its side, the White House has avoided the ticklish issue of Beijing’s assistance to the Kim regime. So at the moment the Obama administration is blaming North Korea-and only North Korea-for the incident, which Michael Lynton, chief executive of the Sony unit, termed “the worst cyber attack in American history.”

On Friday, the FBI issued its now-famous statement accusing the North. The agency, in that statement, did not attribute responsibility to any other state. Similarly, Representative Adam Schiff, a member of the House Intelligence Committee, told the Daily Beast that he heard nothing about China’s complicity at a Friday classified briefing about the Sony incident.

President Obama himself weighed in on the issue. “We’ve got no indication that North Korea was acting in conjunction with another country,” he said in response to a question at his end-of-year press conference Friday.

So did the Democratic People’s Republic of Korea, as the North calls itself, pull off the audacious attacks on its own?

The evidence suggests Beijing had to have been aware of North Korea’s hacking of Sony as soon as it began and was undoubtedly complicit in that crime.

Why? An intelligence official, speaking anonymously to Fox News this week,stated the “final stage of the attack” was launched outside North Korea. Ars Technica reports that the attacks originated from Chinese IP addresses.

Nonetheless, there is, at least in open sources at this time, insufficient information to make definitive conclusions about China as the origin of the hacking. Yet the preponderance of evidence indicates the hackers launched their raid from Chinese soil. As David Sanger of the New York Times stated on Wednesday in an article discussing what American officials knew about the incident, “Much of North Korea’s hacking is done from China.”

In line with Sanger’s statement, there has been increasing speculation that North Korea’s Unit 121, a cell of elite hackers, was the organization that mauled Sony. The group is known to be responsible for at least some of the 2013 attacks on South Korean businesses. The code used in those attacks resembles the code employed in the Sony assault.

The shadowy Unit 121 has its headquarters in Pyongyang, but its main base of operations is in China, including the Chilbosan Hotel in the city of Shenyang. Most North Korean cyber warriors, whether directly employed by the regime or freelancing, work from China because North Korea does not have the technical infrastructure to support extensive hacking operations.

Yet we do not need to speculate on the origin of the Sony attacks to find China complicit in the crime. After all, the attacks were routed through Chinese IP addresses. It is true that, in an apparent attempt to mask their origin, the attacks were also passed through, among other places, a Singapore convention center, Thailand’s Thammasat University, and a computer in Bolivia. No one is accusing the governments of Singapore, Thailand, or Bolivia of being behind the assaults.

The use of Chinese servers indicts Beijing, however. China maintains the “Great Firewall,” what many consider the world’s most comprehensive and sophisticated set of Internet controls. Chinese authorities can detect a single-line message sent from a computer or phone anywhere inside the People’s Republic. Therefore, these authorities knew or should have known about both the North Korean attacks passing out through the Firewall and the inbound data stolen from Sony, more than 100 terabytes worth.

Indeed, almost all the North’s telecommunications run through Chinese networks, which means all or virtually all of its Internet connections pass through China. Therefore, North Korea’s hacking, spanning decades, is well known to Beijing.

There is one other indication that North Korea was not working alone. Fox News on Friday reported that a U.S. investigation shows North Korea had help on the assault on Sony. As Fox notes, malware “modules or packets” targeting the company revealed a degree of complexity North Korea was not known to possess. As one intelligence official, speaking without attribution, said to the New York Times, “This was of a sophistication that a year ago we would have said was beyond the North’s capabilities.”

In addition to China, Iran and Russia also have the technology that North Korea used, but China, more than the two others, “supplies much of the manpower and technology North Korea uses to conduct cyber attacks.”

So far, Beijing has not responded positively to Washington’s secret overtures on Sony. Given China’s apparent involvement in North Korea’s cyber attacks, it is not surprising why.
Follow me on Twitter @GordonGChang and on Forbes

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: